Published on

April 09 issue of ezine deals with computer vulnerability and information security. It also deals with protecting your home and office computers

Published in: Technology, News & Politics
  • Be the first to comment

  • Be the first to like this

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide


  1. 1. India’s First Corporate ezine Issue No 38 – Apr 2009 Published by Prime Point Foundation Theme of this Issue Computer Vulnerability Guest Editor M L Srinivasan In this Issue: P3 Guest Editorial P4 Top 10 IT Security issues P8 PRince Toon P9 For computer users -Ten Commandments P10 Podcasts of the month P11 PRCI Global Meet P12 GFPR Celebration P12 PReTTY Contact
  2. 2. PR-e-FACE: From the desk of Editor-in-Chief Use Technology; but guard yourself Presently, Technology has More we use the Technology, more we will grown enormously. All of be exposing ourselves to a greater risk. A us use desktop computers, new terminology like 'Cyber terrorism' laptop in different has also come into usage. In spite of all operating systems like the various threats, sadly, there is less Windows, linux, etc. All of awareness amongst the Corporates and us spend more time on the users about the security of their own internet. Every day, new virus transactions. While, we cannot stop the gets circulated and all the computers in growth of the technology and our usage, our office and at home are not safe. we need to guard ourselves from the bad effects of technology. Without your knowledge, the data can be stolen from your system. Even the In the interest of the general public, this firewalls cannot prevent this. There may issue will deal with the fundamentals of be some hole in your system, through computer vulnerabilities and how to which, the data can go out. protect ourselves from this 'greatest' risk. The online financial transactions also We want to create an awareness. We are nowadays pose greater risk. fortunate to have Mr M L Srinivasan, a Vulnerabilities in the Banking sites have well known Security Expert to Guest Edit this issue. enabled the hackers to spread their worm to the online users. Many users get cheated through fake emails asking for id and passwords. Guest Editor Mr M L Srinivasan, Founder and CEO of ChennaiNet is globally well known InfoSec professional and trainer on Information Security in India. He has written many articles on Information Security and has also authored a book. He is also ISO Auditor on Information Security. He can be reached at
  3. 3. PR-e-FACE: From the desk of Guest Editor Corporates lack awareness on vulnerabilities Today we buy software across the shelf and so on. Hackers, viruses, worms and and/or the computer that we buy comes trojan horses target these vulnerabilities with the software pre-installed in it. The to compromise the systems. Organizations most important of all the software that are install anti-virus packages to combat used in a computer is its 'Operating viruses and worms. But they seldom patch System' in short the OS. Without an their systems against the vulnerabilities. If operating system a computer is non- the vulnerabilities are identified regularly functional. Most popular operating and the systems are patched, then the systems are Microsoft Windows, Redhat incidents of virus attacks and hacking of the systems will drastically come down. Linux, BSD UNIX, Sun Solaris etc., The operating systems are divided as Server There is a lack of understanding of and Desktop. What we normally use on security issues in most of the corporate. our desktops and laptops are desktop OS. Vulnerabilities are the root cause of many The most popular OS in this category is IT security issues. Periodical scanning and Microsoft Windows which is installed in patching of the IT systems will ensure that nearly 80% of the desktops Worldwide. the systems are less prone to There are critical vulnerabilities in the compromise due to a virus or hacking attack. desktop operating systems as well as server operating systems. Vulnerabilities are prevalent in many of the applications such as Microsoft Office, database systems such as Oracle, Internet browser such as Internet explorer, Mozilla Firefox Non compliance of Security issues at Corporates may lead to (1) Monetary loss, (2) Loss of customer confidence and (3) Legal problems. Please listen to the exhaustive podcast interview at
  4. 4. Top Ten IT Security Issues An overview of IT security issues we face today, the future trends and possible actions. 1. Cyber Attacks The Internet or World Wide Web (WWW) is also called Cyber Space. This space connects various computer networks across the World (and in future in other planets that we occupy!!). Like each individual, each network is distinct in terms of the IT systems used, the way it is setup, configured and managed. This heterogeneous nature has many weaknesses that are prone to attacks. Cyber Terrorism, Cyber Warfare and Cyber vandalism are some of such attacks. Many such attacks are happening today albeit less in magnitude and in the future we may face high intensive attacks that could cripple the cyber space. Co-ordinated efforts from Computer Emergency Response Teams (CERT) across the World with timely alerts to user communities could mitigate risks from this threat. 2. IT Vulnerabilities Vulnerabilities in IT systems are holes or errors that are exploitable. They are there due to poor design or poor coding or both. When vulnerability is exploited, it results in security violation such as compromise of the IT system, service disruption or obtaining higher privileges. Vulnerabilities are the root cause of many of the security issues mentioned in this column. Efforts such as Common Vulnerabilities and Exposures (CVE), National Vulnerability Database (NVD) etc., provide glimmer of hope for combating and reducing them in the future. Based on the knowledge learned from various hacking/virus/worm related incidents it is quite possible to develop secure systems by following secure coding practices.
  5. 5. 3. Lack of Monitoring, Security testing and User awareness programs Though this is an organizational issue, monitoring of suspicious activities in the network is performed using IT systems. Information Security is predominantly based on preventive and detective controls. Monitoring assists in devising proactive and reactive actions based on events. Security testing involves vulnerability assessment, penetration testing and security policy audits. The trends indicate that many organizations lack or do not follow such procedures. User awareness in terms of Do’s and Don’ts based on organizational security policy must be created. These three activities if followed regularly would minimise the risks from all the other issues mentioned in this column. 4. Identity Theft Identity theft refers to stealing one's identity for wilful gain such as money, fame, and power and for criminal activities. A simple identity theft is stealing a password. Banks and financial institutions are defrauded by impersonation; confidential data are stolen from Government, Military and Corporate for terrorism, warfare and espionage due to identity theft. In the future this issue will assume gigantic proportions as more and more devices join the network bandwagon and establish their identity besides humans. Digital certificates, Biometrics such as finger print, voice, face and retina recognition systems, and Radio Frequency Identification Devices (RFID) are some of the effective solutions to this issue and we can expect much advancement in this area. 5. Malware Refers to (Mal)icious Soft(ware) and as the name implies, the purpose is to cause harm to the systems or steal information. Viruses, worms, spyware such as key loggers, Trojan horses, root kits etc., are examples of malware. The present trend is alarming and statistics show that hundreds of billion dollars are lost due to malware. Another statistics show that more than 50% of online users have reported spyware infection to their systems. Malware exploits system vulnerabilities and human weaknesses. Organized crimes such as planting malware in legitimate websites like online banking that gets automatically downloaded to the computers of the innocent users are on the rise. Technologies like Web2.0 also prone to malware infestations. Future trends indicate more sophisticated malware and require heightened awareness as well as using legal copy of operating system, anti-virus and personal firewall by the users.
  6. 6. 6. Botnet Botnet refers to malicious networks managed by Computer Robots. They compromise vulnerable computers (called as zombies) in the network and use them for attacking other computers, stealing information, storing and transmitting illegal data such as porn movies or pirated and malicious software. We see proliferation of distributed botnets that automatically switches the controlling computer robot to another computer or network in case of network block by the service provider/law enforcement agencies. This trend is going to increase more and more and controlling botnets will be a big challenge. There is an unofficial estimation that one quarter of the computers connected to the Internet will be compromised and become part of botnet. User awareness and periodical vulnerability and activity scanning of computers is a must for combating this threat. 7. Unsolicited Commercial Email Spam as is popularly known is an issue that drains the network resources such as bandwidth and storage space. Besides, many human hours are wasted in download time and trashing such emails. Important security issues are that spam is used for phishing, pharming and distribution of malware. The root cause of the problem is the way email is being transported and exchanged across millions of mail servers across the world and the weak spam controls. The present trend is more on using zombie computer to send spam as more and more service providers are shutting down spam servers. However, many of the spam originate from servers hosted in countries like Russia, China and Philippines. Using spam filters, and co-ordination from the countries that do not have stringent laws against spam, is the way to go for solace from this menace. 8. Mobile and wireless attacks The business and user community increasingly adopts mobile devices and wireless networks. Mobile commerce such as banking, shopping, etc are seeing rapid advancements. Common attacks that are perpetrated against such devices and networks include Bluetooth attacks, SMS Spoofing, Smishing (SMs phISHING), compromising the WEP keys as well as setting up ad hoc networks. In future, attack sophistication and vectors are bound to increase and this is one area that is going to give constant nightmare to IT and Security professionals. User awareness is the key to prevent many such attacks besides stronger authentication mechanisms.
  7. 7. 9. Web based Social Engineering Social engineering refers to the art of inducing a user to inadvertently perform an action for the purpose of obtaining sensitive information such as passwords, credit card or bank account information etc. Web based tactics involve spoofed emails that appear to have come from legitimate entity such as your bank asking for personal details, Nigerian scam, illegitimate websites constructed in such a way with a look alike of a legitimate site or in the form of giving away free software, music, video etc.. Advent of social networking sites, instant messaging and mobile phone based internet communications are some of the hot spots that will spur this activity to dangerous levels. Humans are the weakest link in a security chain. Common sense approach to any access or communication with known/unknown entity on the web must be practiced. 10. Peer-to-Peer File sharing This refers to communication between two or multiple computers directly for sharing files such as software, music, video etc. Since this activity involves direct access to the file system of the shared computer, the chances of implanting malware is very high. The concept of trusted source in such system is weak. Criminal networks operate in this domain that perpetuate organized crime. The trends are more geared towards underground suspicious activities. Participating in an insecure peer-to-peer file sharing networks is to be avoided. BE WARE AND BE AWARE OF LAW GOVERNING YOUR COMPUTERS Information Technology Act 2008 - India Section 43A Where a body corporate, possessing, dealing or handling any sensitive personal data or information in a computer resource which it owns, controls or operates, is negligent in implementing and maintaining reasonable security practices and procedures and thereby causes wrongful loss or wrongful gain to any person, such body corporate shall be liable to pay damages by way of compensation to the person so affected. (Similar clauses are also there in other countries like US, UK)
  8. 8. TEN COMMANDMENTS FOR COMPUER USERS 01. Use only legal version of Operating Systems, Softwares and antivirus. Pirated OS and software may harm your computers and your data is prone to be stolen. Update the patches periodically. 02. Never transact e-banking from a public places like Cyber Café. Your id and password could be stolen through key logger software hidden in the computers. 03. No Bank will ask for your id and password through mail. When you receive such mails, do not follow the hyperlinks given in such mails. Do not give your details to unauthorized sites. Login directly through the official site of the Bank and transact. 04. Generally, keep a complicated and strong password for all your transactions (mails, financial, etc.). Never use your name or the names of family members or sequential numbers like 12345, etc. 05. Do not keep the record of your password anywhere. Keep in your mind. Storing your password in your desktop or laptop is also risky. Always type fresh every time when you login. 06. Do not open any attachments without scanning for virus, even when it comes from known sources. Do not forward the attachments to others, without scanning for virus. They are likely to contain malware to harm your system. 07. Even if you configure spam filter to separate spam mails, do not delete spam mails, without verifying once. Even genuine mails may be found in spam box. 08. Use a software based firewall. Many such firewalls are free for Home users. 09. Use legal version of anti virus software and set ‘automatic update’. Perform full system virus scan once in a week. Use anti spy ware software to periodically to check infections. 10. Use plugins like Google toolbar for Internet explorer or firefox that has built in capability to warn potential malware or phishing websites.
  9. 9. Important Podcasts of this month at Leadership defined in Bhagwad Gita What prompted Jarnail Singh to throw shoe on Indian Home Minister? Music breeds success – All about Music UnSung Heroes – Bhumi Chennai Media students interact with Mr T S Krishnamurthy, Former Chief Election Commissioner of India N Gopalaswami, Former Chief Election Commissioner, a ‘Role-Model’ in Indian Civil Service PR Icon – Vikam Kharvi, Mumbai Free Online Virus, Trojan Horse and Malware scanners Symantec Security Check McAfee FreeScan Kaspersky Online Virus Scanner Panda ActiveScan 2.0 Avast! Online Scanner
  10. 10. PRCI Global Meet Public Relations Council of India (PRCI) organised 3rd Global PR Meet, “PRoActive” at Bangalore on 3-4 April 2009. During the event awards were given under various categories for excellence in PR and Communication. The following 11 Public Relations professionals were inducted into PRCI HALL OF FAME AWARDS 2009 (1) K. N. Ashok Kumar, Bangalore (2) Charanjith Singh, Chandigarh (3) Geetha Shankar, Chennai (4) B. N. Garudachar, Mumbai (5) Krishna Baji, Hyderabad (6) B N Kumar, Mumbai (7) KRM Reddy, Bellary, Hospet (8) B K Sahu, Kolkaa (9) Shivananda,New Delhi (10) Vishwanath Pandey, Varanasi (11) G P Jayakumar. Chennai Mr. Charanjit Singh, Managing Director, Core PR, Chandigarh is seen receiving Honour inducting him into Hall of Fame 2009 Ms Geetha Shankar, Chennai is seen receiving the Honour Mr Krishna Baji, Hyderabad is seen receiving the Honour
  11. 11. GFPR Foundation Day Global Forum for Public Relations (GFPR) celebrated their Foundation Day on 21st April 2009 at Hyderabad. They organised a Seminar on “Election 09 – Role of Media” with many eminent media persons sharing the views. Every year, GFPR presents the Golden Triangle Award to one outstanding Communication professional. The third of such Award was given to Mr M B Jayaram, Chairman Emeritus, Public Relations Council of India (PRCI). In the photo Mr Jayaram is seen receiving the Award from Sri Devulapalli Amar, Hon. Chairman Press Academy, AP. Mr B K Karuna, President of GFPR looks on (second from left) PR-eTTY ‘Excellence’ is a drive from inside, and not from outside A German once visited a temple under construction where he saw a sculptor making an idol of God. Suddenly he noticed a similar idol lying nearby. Surprised, he asked the sculptor, quot;Do you need two statues of the same idol?quot; quot;No,quot; said the sculptor without looking up, quot;We need only one, but the first one got damaged at the last stage.quot; The gentleman examined the idol and found no apparent damage. quot;Where is the damage?quot; he asked. quot;There is a scratch on the nose of the idol.quot; said the sculptor, still busy with his work. quot;Where are you going to install the idol?quot; The sculptor replied that it would be installed on a pillar twenty feet high. quot;If the idol is that far, who is going to know that there is a scratch on the nose?quot; the gentleman asked. The sculptor stopped his work, looked up at the gentleman, smiled and said, quot;I cannot install the statue when I know it has a defect.quot; The desire to excel is exclusive of the fact whether someone else appreciates it or not. “Excellencequot; is a drive from inside, not outside. Excellence is not for someone else to notice but for your own satisfaction and efficiency... Source: Unknown
  12. 12. PResenters of PReSENSE V. Rajendran M L Srinivasan K. Srinivasan Narrendiran Triambak Strategic Editor Guest Editor Editor in Chief Content Editor Sharma Cartoon Editor Veena Vinod V Poornima K. Bhavani Archana Verma International Editor International Editor Podcast Editor & Coordinating (South Asia) (USA) PodJockey Editor Singapore Published by Prime Point Foundation Feedback and sponsorship Past issues may be downloaded from Listen to India’s first pod-magazine one stop shop for podcasts on all subjects To subscribe to this ezine. Awards